Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Verifying Compiler: a Grand Challenge for Computing Research Tony Hoare Leiden5 November, 2003.

Published bySkylar Hallock Modified over 10 years ago

Similar presentations

Presentation on theme: "The Verifying Compiler: a Grand Challenge for Computing Research Tony Hoare Leiden5 November, 2003."— Presentation transcript:

1 The Verifying Compiler: a Grand Challenge for Computing Research Tony Hoare Leiden5 November, 2003

2 Typical Grand Challenges Prove Fermats last theorem(accomplished) Put a man on the moon (accomplished) Cure cancer within ten years(failed in 1970s) Map the Human Genome(accomplished) Map the Human Proteome (too difficult now) Find the Higgs boson(in progress) Find Gravity waves(in progress) Unify the four forces of Physics(in progress) Hilberts program for math foundations(abandoned 1930s)

3 In Computing Science Prove that P is not equal to NP (open) The Turing test (outstanding) The verifying compiler(abandoned in 1970s) A championship chess program (completed 1997) A GO program at professional standard (too hard) Machine translation English to Russian (failed in 1960s)

4 A Grand Challenge Is a fifteen-year project Is a fifteen-year project With world-wide participation, With world-wide participation, And clear test of success or failure. And clear test of success or failure. It offers fundamental and radical advance It offers fundamental and radical advance In basic Science or Engineering. In basic Science or Engineering.

5 A Grand Challenge needs Maturity of the state of the art Maturity of the state of the art General support from the international scientific community General support from the international scientific community Long-term commitment from the teams who engage in it Long-term commitment from the teams who engage in it Understanding from funding agencies Understanding from funding agencies

6 The Verifying Compiler A verifying compiler uses automated mathematical and logical reasoning to check the correctness of the programs that it compiles. Correctness is specified by types, assertions, and other redundant annotations that are associated with the code of the program.

7 Test of success On completion of the project, significant and representative samples of software products will be mechanically verified. On completion of the project, significant and representative samples of software products will be mechanically verified. Each sample will be suitable to replace existing software in routine use, and to serve as a basis for further software evolution. Each sample will be suitable to replace existing software in routine use, and to serve as a basis for further software evolution. A prototype verifying compiler will be available as part of a software engineering toolset A prototype verifying compiler will be available as part of a software engineering toolset

8 GC criteria Fundamental Fundamental Historical Historical Astonishing Astonishing Idealistic Idealistic Inspiring Inspiring Beneficial Revolutionary Feasible Risky Rare

9 Fundamental How does a software system work? How does a software system work? Annotation of interfaces explains how. Annotation of interfaces explains how. Why does it work? Why does it work? The theory of programming explains why. The theory of programming explains why. A verifying compiler checks the correctness of the answers… A verifying compiler checks the correctness of the answers… And enables the engineer to exploit the basic science. And enables the engineer to exploit the basic science.

10 Historical. The prestigious challenges are those which were formulated long ago; without concerted effort, they would be likely to stand for many years to come. The prestigious challenges are those which were formulated long ago; without concerted effort, they would be likely to stand for many years to come. The challenge of program verification goes back to Turing (1948), McCarthy (1962), Floyd (1967). The challenge of program verification goes back to Turing (1948), McCarthy (1962), Floyd (1967).

11 Idealistic The project does not duplicate commercially motivated evolution of existing products. The project does not duplicate commercially motivated evolution of existing products. Commercial tools follow market demand, and discover more and more faults; only academic research pursues ideals of purity, accuracy, completeness and correctness. Commercial tools follow market demand, and discover more and more faults; only academic research pursues ideals of purity, accuracy, completeness and correctness.

12 Astonishing It gives scope for engineering ambition to build something useful that was earlier thought impractical. It gives scope for engineering ambition to build something useful that was earlier thought impractical. It is amazing that computers can check the correctness of their own programs, using logical proof in the same way as mathematicians through the ages. It is amazing that computers can check the correctness of their own programs, using logical proof in the same way as mathematicians through the ages.

13 Testable The project has a clear measure of success or failure at the end; and ideally, at intermediate stages too. The project has a clear measure of success or failure at the end; and ideally, at intermediate stages too. A verifying compiler will certify total correctness of embedded software up to 10k lines, the safety of critical systems up to 100k lines, and the soundness and security of software up to a million lines. Many subtle bugs will be found and removed. A verifying compiler will certify total correctness of embedded software up to 10k lines, the safety of critical systems up to 100k lines, and the soundness and security of software up to a million lines. Many subtle bugs will be found and removed.

14 Inspiring The goals are generally comprehensible, and capture the imagination of the general public, as well as the esteem of scientists in other disciplines The goals are generally comprehensible, and capture the imagination of the general public, as well as the esteem of scientists in other disciplines The general public is well aware of the problem of software errors, and should welcome an attempt by computer scientists to solve a problem attributed to their own creation. The general public is well aware of the problem of software errors, and should welcome an attempt by computer scientists to solve a problem attributed to their own creation.

15 Beneficial The understanding and knowledge gained after completion of the project could bring scientific, economic or social benefits. The understanding and knowledge gained after completion of the project could bring scientific, economic or social benefits. Reduction in program errors could save $22-60 billion per year in US (US Dept. Commerce Planning Report 02-03, May 2002 ). Reduction in program errors could save $22-60 billion per year in US (US Dept. Commerce Planning Report 02-03, May 2002 ).

16 Revolutionary. The project involves a paradigm shift in scientific research practices. The project involves a paradigm shift in scientific research practices. At present large-scale long-term projects are rare among computer scientists. So is co-operation between theorists, tool-builders and tool users. At present large-scale long-term projects are rare among computer scientists. So is co-operation between theorists, tool-builders and tool users.

17 The team must include … Programming theorists Programming theorists Programming tool-set builders Programming tool-set builders Compiler writers and optimisers Compiler writers and optimisers Sympathetic users Sympathetic users Open source code contributors Open source code contributors Proof-tool builders, model checkers,… Proof-tool builders, model checkers,… Teachers and students can help Teachers and students can help

18 Feasible. The reasons for previous failure to meet the challenge are well understood and believable plans are under way to overcome them. The reasons for previous failure to meet the challenge are well understood and believable plans are under way to overcome them. Gigabytes and Gigacycles are now cheap Gigabytes and Gigacycles are now cheap Beneficiaries number in billions Beneficiaries number in billions The state of the art is much advanced The state of the art is much advanced

19 State of the art Smart-card applications have been manually proved (eg. Logica). Smart-card applications have been manually proved (eg. Logica). Safety-critical systems have been developed from specification (eg. Praxis). Safety-critical systems have been developed from specification (eg. Praxis). Commodity software includes many assertions (eg. Microsoft Office) Commodity software includes many assertions (eg. Microsoft Office) Open Source software is freely available for research as well as use (eg. Apache). Open Source software is freely available for research as well as use (eg. Apache). Programming theories cover O-O and concurrency (eg. this conference) Programming theories cover O-O and concurrency (eg. this conference)

20 Available Tools Assertion generators (eg. DAIKON) Assertion generators (eg. DAIKON) Program analysers (eg. PREfix, SPLINT) Program analysers (eg. PREfix, SPLINT) Abstract Syntax Tree compiler (eg.PREfast) Abstract Syntax Tree compiler (eg.PREfast) Verification Condition Generator (eg. ESC) Verification Condition Generator (eg. ESC) Program Development Environment (eg.B) Program Development Environment (eg.B) Theorem provers (eg. simplify, HOL) Theorem provers (eg. simplify, HOL) Decision procedures (eg. SAT, PVS) Decision procedures (eg. SAT, PVS) Model checkers (eg. SPIN, FDR) Model checkers (eg. SPIN, FDR)

21 Risks Poor quality of legacy code/languages. Poor quality of legacy code/languages. Errors are just missing preconditions. Errors are just missing preconditions. Errors are exploited for functionality or compatibility reasons. Errors are exploited for functionality or compatibility reasons. Spec of external interfaces impractical. Spec of external interfaces impractical. Build/configuration files cant be proved. Build/configuration files cant be proved. Multiple languages in a single application. Multiple languages in a single application.

22 Rare Requires maturity of the Science Requires maturity of the Science (but not too mature) (but not too mature) Requires general support of the many Requires general support of the many Long-term commitment of the few Long-term commitment of the few Sympathy from funding agencies Sympathy from funding agencies It is hard to start the bandwagon It is hard to start the bandwagon

23 Early decisions What language(s)? What language(s)? What compiler/loaders/run-time checkers? What compiler/loaders/run-time checkers? Which particular applications? Which particular applications? Smartcard Smartcard Embedded Embedded Critical Critical Commodity Commodity What collaborators? What collaborators?

24 Timetable 2005 start of project 2005 start of project 2010 smartcard software proved correct 2010 smartcard software proved correct 2015 critical applications proved safe 2015 critical applications proved safe 2020 commodity software proved secure 2020 commodity software proved secure

25 Acknowledgements Jim Woodcock Jim Woodcock Greg Morrisett Greg Morrisett Jay Misra Jay Misra Peter OHearn Peter OHearn Richard Bornat Richard Bornat Carl Gunter Carl Gunter and many others and many others

Download ppt "The Verifying Compiler: a Grand Challenge for Computing Research Tony Hoare Leiden5 November, 2003."

Similar presentations

3/27/2017 10:01 PM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

3/27/ :01 PM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Supporting Life Scientists via End User Programming Luke Church Computer Laboratory, University of Cambridge Microsoft eScience - Dec 08 With thanks to.

Supporting Life Scientists via End User Programming Luke Church Computer Laboratory, University of Cambridge Microsoft eScience - Dec 08 With thanks to.
The ideal of program correctness Tony Hoare CAVSeattleAugust 2006.

The ideal of program correctness Tony Hoare CAVSeattleAugust 2006.
Configuration management

Configuration management
Software change management

Software change management
Configuration management

Configuration management
© Chinese University, CSE Dept. Software Engineering / 1 - 1 Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.

© Chinese University, CSE Dept. Software Engineering / Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.
The ideal of program correctness Tony Hoare BudapestSeptember 2006.

The ideal of program correctness Tony Hoare BudapestSeptember 2006.
Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.

Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
DECO3008 Design Computing Preparatory Honours Research KCDCC Mike Rosenman Rm 279

DECO3008 Design Computing Preparatory Honours Research KCDCC Mike Rosenman Rm 279
Software Evolution Managing the processes of software system change

Software Evolution Managing the processes of software system change
System Design and Analysis

System Design and Analysis
CSC 395 – Software Engineering Lecture 9: Testing -or- How I Stopped Worrying and Learned to Love the Bug.

CSC 395 – Software Engineering Lecture 9: Testing -or- How I Stopped Worrying and Learned to Love the Bug.
Describing Syntax and Semantics

Describing Syntax and Semantics
ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 0.

ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 0.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.

Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.

Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.

Similar presentations

Ads by Google